gafgyt | 869c3b773673073f1bd0e6dc299755dedf5f1f319d29000620261016f872e525 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

499415a8d2047ef4a2abd1230ed88a68
Size

92KB
Sample

231219-246zwsaffn
MD5

499415a8d2047ef4a2abd1230ed88a68
SHA1

39b0c45cdc67bf8ccd62d66ee5c50d26d33a3817
SHA256

869c3b773673073f1bd0e6dc299755dedf5f1f319d29000620261016f872e525
SHA512

b02673d8755ab7eb43a473ceac8f7547a5a29d27450ae511151e79ad942311f2de3ef1505a7bd823c92a72bf64aac474aa69efeeaebc47c2423b5ff1a1ef45b0
SSDEEP

1536:0yXDP3ZhUNUPXPKDEKCifde5c8/z4dzJWctU5mZ5hAaQ882PM37K8PN2UrYe:vXj7UNUPXyEMfdIc87MzJlZ5hAaQ882a

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

102.165.50.10:282

Targets

- Target
  
  499415a8d2047ef4a2abd1230ed88a68
- Size
  
  92KB
- MD5
  
  499415a8d2047ef4a2abd1230ed88a68
- SHA1
  
  39b0c45cdc67bf8ccd62d66ee5c50d26d33a3817
- SHA256
  
  869c3b773673073f1bd0e6dc299755dedf5f1f319d29000620261016f872e525
- SHA512
  
  b02673d8755ab7eb43a473ceac8f7547a5a29d27450ae511151e79ad942311f2de3ef1505a7bd823c92a72bf64aac474aa69efeeaebc47c2423b5ff1a1ef45b0
- SSDEEP
  
  1536:0yXDP3ZhUNUPXPKDEKCifde5c8/z4dzJWctU5mZ5hAaQ882PM37K8PN2UrYe:vXj7UNUPXyEMfdIc87MzJlZ5hAaQ882a
Score

7^/10
- Changes its process name
- Deletes itself
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1